Message ID | 20240607124219.3646766-1-soumya.sambu@windriver.com |
---|---|
State | Accepted |
Headers | show |
Series | [meta-oe,scarthgap,1/1] unixodbc: Fix CVE-2024-1013 | expand |
On Fri, Jun 7, 2024 at 5:42 AM Soumya via lists.openembedded.org <soumya.sambu=windriver.com@lists.openembedded.org> wrote: > > From: Soumya Sambu <soumya.sambu@windriver.com> > > An out-of-bounds stack write flaw was found in unixODBC on 64-bit > architectures where the caller has 4 bytes and callee writes 8 bytes. > This issue may go unnoticed on little-endian architectures, while > big-endian architectures can be broken. > > References: > https://nvd.nist.gov/vuln/detail/CVE-2024-1013 > > Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> > --- > .../unixodbc/files/CVE-2024-1013.patch | 53 +++++++++++++++++++ > .../unixodbc/unixodbc_2.3.12.bb | 1 + > 2 files changed, 54 insertions(+) > create mode 100644 meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch > This seems applicable to master branch as well. If that's the case then test and send patches for the master branch first. and then send a backport patch for release branches. > diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch > new file mode 100644 > index 000000000..688446545 > --- /dev/null > +++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch > @@ -0,0 +1,53 @@ > +From 76beb0938ef14276123996bfd99df23b0c7f0982 Mon Sep 17 00:00:00 2001 > +From: Soumya Sambu <soumya.sambu@windriver.com> > +Date: Fri, 7 Jun 2024 11:10:46 +0000 > +Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types > + > +These result in out-of-bounds stack writes on 64-bit architectures > +(caller has 4 bytes, callee writes 8 bytes), and seem to have gone > +unnoticed on little-endian architectures (although big-endian > +architectures must be broken). > + > +This change is required to avoid a build failure with GCC 14. > + > +CVE: CVE-2024-1013 > + > +Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1] > + > +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> > +--- > + Drivers/Postgre7.1/info.c | 6 +++--- > + 1 file changed, 3 insertions(+), 3 deletions(-) > + > +diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c > +index 63ac91f..2216ecd 100644 > +--- a/Drivers/Postgre7.1/info.c > ++++ b/Drivers/Postgre7.1/info.c > +@@ -1779,14 +1779,14 @@ char *table_name; > + char index_name[MAX_INFO_STRING]; > + short fields_vector[8]; > + char isunique[10], isclustered[10]; > +-SDWORD index_name_len, fields_vector_len; > ++SQLLEN index_name_len, fields_vector_len; > + TupleNode *row; > + int i; > + HSTMT hcol_stmt; > + StatementClass *col_stmt, *indx_stmt; > + char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING]; > + char **column_names = 0; > +-Int4 column_name_len; > ++SQLLEN column_name_len; > + int total_columns = 0; > + char error = TRUE; > + ConnInfo *ci; > +@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt; > + StatementClass *tbl_stmt; > + char tables_query[STD_STATEMENT_LEN]; > + char attname[MAX_INFO_STRING]; > +-SDWORD attname_len; > ++SQLLEN attname_len; > + char pktab[MAX_TABLE_LEN + 1]; > + Int2 result_cols; > + > +-- > +2.40.0 > diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb > index 7819387c3..dfad833e0 100644 > --- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb > +++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb > @@ -11,6 +11,7 @@ DEPENDS = "libtool readline" > SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \ > file://do-not-use-libltdl-source-directory.patch \ > file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \ > + file://CVE-2024-1013.patch \ > " > SRC_URI[sha256sum] = "f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec" > > -- > 2.40.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#110766): https://lists.openembedded.org/g/openembedded-devel/message/110766 > Mute This Topic: https://lists.openembedded.org/mt/106541920/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch new file mode 100644 index 000000000..688446545 --- /dev/null +++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch @@ -0,0 +1,53 @@ +From 76beb0938ef14276123996bfd99df23b0c7f0982 Mon Sep 17 00:00:00 2001 +From: Soumya Sambu <soumya.sambu@windriver.com> +Date: Fri, 7 Jun 2024 11:10:46 +0000 +Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types + +These result in out-of-bounds stack writes on 64-bit architectures +(caller has 4 bytes, callee writes 8 bytes), and seem to have gone +unnoticed on little-endian architectures (although big-endian +architectures must be broken). + +This change is required to avoid a build failure with GCC 14. + +CVE: CVE-2024-1013 + +Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + Drivers/Postgre7.1/info.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c +index 63ac91f..2216ecd 100644 +--- a/Drivers/Postgre7.1/info.c ++++ b/Drivers/Postgre7.1/info.c +@@ -1779,14 +1779,14 @@ char *table_name; + char index_name[MAX_INFO_STRING]; + short fields_vector[8]; + char isunique[10], isclustered[10]; +-SDWORD index_name_len, fields_vector_len; ++SQLLEN index_name_len, fields_vector_len; + TupleNode *row; + int i; + HSTMT hcol_stmt; + StatementClass *col_stmt, *indx_stmt; + char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING]; + char **column_names = 0; +-Int4 column_name_len; ++SQLLEN column_name_len; + int total_columns = 0; + char error = TRUE; + ConnInfo *ci; +@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt; + StatementClass *tbl_stmt; + char tables_query[STD_STATEMENT_LEN]; + char attname[MAX_INFO_STRING]; +-SDWORD attname_len; ++SQLLEN attname_len; + char pktab[MAX_TABLE_LEN + 1]; + Int2 result_cols; + +-- +2.40.0 diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb index 7819387c3..dfad833e0 100644 --- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb +++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb @@ -11,6 +11,7 @@ DEPENDS = "libtool readline" SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \ file://do-not-use-libltdl-source-directory.patch \ file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \ + file://CVE-2024-1013.patch \ " SRC_URI[sha256sum] = "f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec"